Customers
University of Pacific
University of the Pacific Increases VM Team Output 5x with Cogent
How a leading research university gained full visibility into its environment, automated remediation, and gave a small security team the capacity of one five times its size.
5x
increase in vulnerability management team output
75%
reduction in MTTR for critical vulnerabilities
1
unified view of assets across 3 campuses
The Customer
University of the Pacific is a leading private university in California, with campuses in Stockton, Sacramento, and San Francisco. The university supports a diverse technology environment spanning student systems, faculty workstations, research infrastructure, and administrative services. Compliance requirements including FERPA, HIPAA, and PCI-DSS add pressure to an already complex security landscape. A small security team is responsible for vulnerability management across all of it.
The Challenge
University of the Pacific's security team had scanning tools in CrowdStrike, Tenable, and Microsoft 365. What they didn't have was a way to act on what the scanners found. Vulnerability data piled up, but the path from "finding" to "fixed" was almost entirely manual.
The environment made this especially painful. Students, faculty, and staff run diverse systems across research programs and academic departments. Devices rotate constantly. Personal laptops, university-owned workstations, and research servers all sit on the same network, and the team had no reliable way to tell them apart.
Without knowing who was responsible for a given asset, every downstream step stalled. The security team couldn't route tickets, couldn't track SLAs, and couldn't report remediation progress with any confidence. When a vulnerability surfaced on a shared server or a research workstation, someone had to investigate manually before any fix could even begin.
Even when the team could identify an asset, they lacked the context to prioritize it. Scanners assigned severity ratings, but couldn't answer the questions that actually mattered: whether a workstation belonged to a VIP user, whether a server was business-critical, whether compensating controls like an active EDR agent already reduced the actual risk.
The result was a growing backlog, extended remediation cycles, and a vulnerability management program that ran on manual effort at every step.
The Solution
University of the Pacific brought in Cogent to close the gap between scanning and remediation. Once connected to the university's existing tools (CrowdStrike, Tenable, Microsoft 365), Cogent built a unified, enriched asset inventory that both Security and IT now use as a single source of truth.
The first thing Cogent's AI agents did was surface hidden context. They automatically identified VIP workstations, discovered business-critical research servers, and mapped ownership across a constantly shifting landscape of student and staff systems. Visibility that was previously impossible to maintain manually became continuous and automatic.
Prioritization changed completely. Scanner severity ratings alone had never been enough to explain risk to IT and operations. Cogent factored in compensating controls like active EDR agents, distinguished actual exploitable risk from scanner noise, and tied findings to business context. A vulnerability on a research server processing grant data looks very different from the same CVE on a student lab machine. The security team could now make that case clearly.
From there, agents built complete remediation plans: what needs to be fixed, who owns it, and the specific steps to get it done. Tickets routed to the right people with full context attached. Cogent created remediation actions with attached scripts and patches. The security team maintained strategic control while agents handled the routine, repeatable work.
A near-term future step is enabling greater remediation autonomy. For low-risk endpoint applications like browsers and common third-party software, Cogent can take remediation a step further by integrating with Pacific's Microsoft Intune infrastructure to apply patches autonomously. The platform will validate each action against the university's risk classifications and patching policies before executing, then confirms the fix landed on the expected cadence, catching misconfigurations or failed patches that would otherwise go unnoticed.
The Results
University of the Pacific now runs a vulnerability management program that would normally require a much larger team. A small security operation manages three campuses, multiple compliance frameworks, and a high-variance environment with the capacity of a team five times its size.
Cogent delivered complete percent asset visibility across the university's entire environment. The agents automatically discovered and classified workstations, servers, and devices, and the enriched asset inventory became the shared source of truth for Security and IT.
MTTR for critical and high-risk vulnerabilities dropped by 75 percent. Findings that previously sat in a queue while someone figured out the owner, assessed the risk, and wrote up remediation steps now move through the pipeline in hours. The bottleneck between "discovered" and "fixed" is gone.
The team's overall output increased 5x. Engineers and security staff who used to spend their days on manual triage and coordination now focus on policy, compliance, and resilience. Agents handle the approved, repeatable remediation work, and the humans stay focused on the decisions that actually require judgment.
